CLSA-2023:1693424916

[CLSA-2023:1693424916] kernel: Fix of 18 CVEs

Type:

security

Severity:

Important

Release date:

2023-08-30

Description:

- netfilter: nft_set_pipapo: fix improper element removal {CVE-2023-4004}
- net: tun: fix bugs for oversize packet when napi frags enabled {CVE-2023-3812}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776}
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue {CVE-2023-3611}
- net/sched: sch_qfq: refactor parsing of netlink parameters
- ipvlan:Fix out-of-bounds caused by unclear skb->cb {CVE-2023-3090}
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition {CVE-2023-35823}
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition {CVE-2023-35824}
- memstick: r592: Fix UAF bug in r592_remove due to race condition {CVE-2023-3141}
- ovl: fix use after free in struct ovl_aio_req {CVE-2023-1252}
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status {CVE-2022-23037}
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref() {CVE-2022-23042}
- xen/netfront: don't trust the backend response data blindly
- xen/netfront: disentangle tx_skb_freelist
- xen: sync include/xen/interface/io/ring.h with Xen's newest version
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() {CVE-2023-35788}
- rds: rds_rm_zerocopy_callback() use list_first_entry() {CVE-2023-1078}
- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os {CVE-2022-3424}
- NFSD: Cap rsize_bop result based on send buffer size {CVE-2022-43945}
- NFSD: Protect against send buffer overflow in NFSv3 READ {CVE-2022-43945}
- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945}
- SUNRPC: Fix svcxdr_init_encode's buflen calculation {CVE-2022-43945}
- SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation {CVE-2022-43945}
- mm/mremap: hold the rmap lock in write mode when moving page table entries. {CVE-2022-39189}
- KVM: x86: do not report a vCPU as preempted outside instruction boundaries {CVE-2022-39189}
- net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() {CVE-2023-28466}
- tee: handle lookup of shm with reference count 0 {CVE-2021-44733}

Updated packages:

bpftool-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:d038b4ce7046ca07c839039c42e5449c270b53b8
kernel-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:ad9c5fecd0daad2b8c1873e7b591a844429459e2
kernel-core-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:28308eaa6cfa20cae7dcfdab5f191b9a070e2cf2
kernel-cross-headers-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:4da4ef2ee94b2cf1d887796f525cd56be14f303b
kernel-debug-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:b6c20e49a1660b6a99a321d0ac269327871cfa64
kernel-debug-core-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:f0e3b5b143e473632c457b51baad7fdfc2e866b2
kernel-debug-devel-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:b69f64e02f382ca516c47f97fd641cda96abed22
kernel-debug-modules-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:f27c2bf521eaa96c7f32bccfe16c3d666121fc8b
kernel-debug-modules-extra-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:3ca735d4498a1e2632d429df47bf3c30f0850190
kernel-debug-modules-internal-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:9f95fb7fd6b12e9d582a9827a00f33d24eb8b2c3
kernel-devel-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:3781edb8d3ec2c13712bb45ac725f1b004086e38
kernel-headers-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:b8634e03dc9b0cf18cbaffaaf4944bb54911f523
kernel-ipaclones-internal-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:b38562f080c295cb1a263e3f6dd3e8532d8afff9
kernel-modules-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:828dba9712d78f1c30852b91af6c023c0a1b20ce
kernel-modules-extra-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:87f8493a956758156f1ef8d46834fdfa3345d606
kernel-modules-internal-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:3c82cc894ee802788356563fa44955b9cb1710e4
kernel-selftests-internal-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:ed782d8d7fe9a6f1eea516113c86c7ae63403e45
kernel-tools-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:db90385d76394d06e72eab707c5167347e128ccb
kernel-tools-libs-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:2b1d482c6b870dad86d01a0006b8793b1839678a
kernel-tools-libs-devel-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:f00abc97c9024685f0e851992735aaf4a5de0ecc
perf-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:5ac2b36f0406e18cbe5fc01c988d72696ca384a9
python3-perf-4.18.0-348.7.1.el8_5.tuxcare.els10.x86_64.rpm
sha:1150c18bff96ca132915301d5b927c4dd5945552

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.